Conventional methods for blocking and allowing access to an area via a locked entrance includes the use of a mechanical key, handled by a user, and a corresponding mechanical lock at the device blocking the entrance, e.g. an ordinary door having a mechanical lock. However, this old fashioned mechanical physical access control method is not very practical in some situations. For instance if you have a person that should have temporary access to the area then you would have to give that person an extra key for them to return to you when they should not have access to the area anymore. This key may be copied without permission and the person who had temporary access may thus gain access to the area until the lock is substituted for another lock. In another example you may want to allow a person access to the area only between 10 and 12 every Thursday. Such a scheme will be difficult to manage with mechanical keys. In order to allow such complicated access schemes electronic access systems are used.
There are various system designs for electronic access systems. For instance the electronic access system may be of a type having a centralised authentication system for authenticating credentials provided at a locked passage to an area and for authorising the unlocking of the passage. In another system the operation of authentication is distributed in a network to access controllers which are directly connected to the lock of the passage and which are arranged to authorise unlocking of the passage if a holder of an authenticated credential provided is authorized to pass into the area connected to the passage.
The credentials in these types of systems may be provided by the user at a device arranged to read credentials, i.e. a card reader, a keypad reading a code entered by a user, a reader of graphical codes such as barcodes or QR-codes, an Near Field Communication (NFC) reader, an RFID reader, a biometric scanner, e.g., reading fingerprints or retinas. Devices for reading credentials have to be connected to the access system in some way and generally they have to be connected via a cable to the centralised authentication system or a distributed access controller. The device for providing the credentials may also be a handheld device arranged to communicate over a cellular telephone network. In a system using a handheld device like this, a credential identifying the handheld device or the user using it is sent over the cellular telephone network to a gateway passing on the credential to an access network including the devices controlling the access to the area into which the user request access. Depending on the system the credential is either authenticated at a central authentication server or at a distributed access controller and then access is authorized centrally or at the distributed access controller. A temporary access credential may be allowed in these types of systems. However, if the network connection to the entrance of the area to access is down for one reason or another then the centralised system does not work as the authentication and authorisation is performed centrally and the signal to allow access cannot be passed to the lock of the door due to the network connection being down. This problem is partly solved by using local access controllers in a distributed system as the authentication and authorisation may be performed locally at the entrance to the area. One requirement for this latter to work properly is that the temporary access credential has been registered in the local access controller at the position of the entrance to the area before the network connection to the rest of the network or at least to the part of the network including the gateway to the cellular network and/or a credential setting service (which may be provided in any number of access controllers in the system) has been disconnected from each other. If this is not the case then the access controller have not received information relating to the temporary access credential. Anyhow, the handheld device communicating over the cellular telephone network is not able to communicate with the access controller at the entry to the area anyway as it is trying to communicate via the cellular network and the presently disconnected connection to the part of the network including the gateway.
Hence the problem with the known access systems is that they only work as long as the controller controlling the lock to the passage into the area is connected to the network.